Your message dated Tue, 14 Feb 2023 10:35:29 +0000 with message-id <e1prsen-003vp3...@fasolo.debian.org> and subject line Bug#1030849: fixed in heimdal 7.8.git20221117.28daf24+dfsg-1.1 has caused the Debian Bug report #1030849, regarding CVE-2022-45142: accidental logic inversion in signature verification in gsskrb5 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1030849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030849 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: heimdal Version: 7.8.git20221117.28daf24+dfsg-1 Severity: grave Tags: upstream Forwarded: https://www.openwall.com/lists/oss-security/2023/02/08/1 Hi, Debian's heimdal is also vulnerable to CVE-2022-45142. Refer to the openwall publication for details. Note that this vulnerability only applies to heimdal's maintenance branches and never affected its main development branch. It can be fixed either by applying the patch or by moving to the development branch. Salvatore will be issuing a DSA today. I'll be taking care of older releases. Helmut
--- End Message ---
--- Begin Message ---Source: heimdal Source-Version: 7.8.git20221117.28daf24+dfsg-1.1 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of heimdal, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1030...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated heimdal package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 12 Feb 2023 10:35:50 +0100 Source: heimdal Architecture: source Version: 7.8.git20221117.28daf24+dfsg-1.1 Distribution: unstable Urgency: high Maintainer: Brian May <b...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 1030849 Changes: heimdal (7.8.git20221117.28daf24+dfsg-1.1) unstable; urgency=high . * Non-maintainer upload. * gsskrb5: fix accidental logic inversions (CVE-2022-45142) (Closes: #1030849) Checksums-Sha1: a2e3386514b1628ff23600cc499bae08a62120ce 3768 heimdal_7.8.git20221117.28daf24+dfsg-1.1.dsc aeef2912fe240ec0e02d94053eebff50c5392a18 128292 heimdal_7.8.git20221117.28daf24+dfsg-1.1.debian.tar.xz Checksums-Sha256: 16f15d10f2f7d01c1faa7762b78837769a1809bfd9cb2d27209dbdb9f691b590 3768 heimdal_7.8.git20221117.28daf24+dfsg-1.1.dsc 1c4c939c8dfd178933c4bfc5cfd74e69ee56426397bbad5be9dd49c8553f56c9 128292 heimdal_7.8.git20221117.28daf24+dfsg-1.1.debian.tar.xz Files: 6ac87d6db307845b7238bd9c5a2722fc 3768 net optional heimdal_7.8.git20221117.28daf24+dfsg-1.1.dsc 06107962acf0b28c057e4ba97d8603cd 128292 net optional heimdal_7.8.git20221117.28daf24+dfsg-1.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPotjRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EMP8P/A1l7+4KeW0GifIQDgLSVc5dYXEzA5cN /Rlrxbbv/eFIeKWO83qam1huN3B20+tsorNsgT0haDSwP8cUpKsYAHq2sOnbaxYs UD3yRKD3OgXCiSE2kmydTOgUjwSBryivdr9N+42p75LfNaWVcrKamzyDpHs5MyhS FuSzH8iFBWgS67rbw1ZlnYUwk7/eiGEYFzXiaHJXEgkItUoz7YbGL7nmZNrEiT3A fo2r1clxe1LwPUUBtWAL4063nqAaiBVXtTr3eq9FZIKSW0NkA71k/tnEr5fSsKbh CtmHMnrECDH4/jrfDN39+phAIu4uFzLQIqghl6Ib3HLYeOmcZqllv6XYMqo2jcar Y9wUzABM4VNpx+UiAPuUB9NpriXTch+wBi/8AmRhmkTgYEoKL9/TTXyhK//4FN3d KDNfPBmhngBzSk0eNit2fENlmTeIGer71dcUaXHObJb+bR+67+fQNpDUcKAWNEb+ mkG05iIFPUY+9xeUb1d6SHvnxu1oLnwFfzw9JEf965s1/LOhIMo2RwE/GqcqnxEr I4h7PAPBxgxE4H4WIgjIjg1Y3h0z1e4uVvvjEMha9HtVeGMwC3g3VkJxyJc2ymme acFhAmFjJNvH2Q2v5/qiEiCtv4WYLdZsN6UMjk4xu0w4CLyxivhCyXvBlmdxVq/W rlTn/+5y7Wl9 =6WVQ -----END PGP SIGNATURE-----
--- End Message ---
